Question - Does Registering other users (without .htaccess authentication enabled) as the TWiki admin cause mass havoc?
We had a perfectly functional TWiki site. Our SA set it up w/out htpassword, so no logins. But we created users anyway and my username was set as the TWiki admin and both my SA and I were members of the admin group.
Another member of the team wanted a username created but couldn't access the site (despite the fact that TWikiGuest was set to allowview for the entire TWiki site - so perhaps this was part of a larger problem). I went to add that user, and then everything was changed so that this new user 'owned' everything that my user previously owned. It seems as tho' TWiki assumed that I was changing my own username, and everywhere my username owned a topic, it was changed to the new username.
After that, I couldn't even view the site anymore.
Then our SA couldn't even administer the TWikiUsers page for any web. It showed up empty.
What in the world happened?
This is on linux i686, 2.4.9-e.40smp, and running on IBM WAS Apache version 5.1.
Environment
--
AlexxStehman - 24 Jan 2005
Answer
It looks like you have IP based session tracking enabled. Once you register a user your IP address is assumed to belong to the new user until you re-authenticate. Edit any page and the browser should send the right login. Alternatively, manually clear the new user's entry in data/remoteusers.txt.
Something does not make sense though. You state "without .htaccess authentication enabled" and "TWikiGuest was set to allowview", which are mutually exclusive. Either you have authentication enabled with .htaccess or all users are considered TWikiGuest.
--
PeterThoeny - 25 Jan 2005
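A simplified model of the IP-based session tracking described in the answer above, showing why registering a colleague re-attributes the registrant's own requests. This is an added example, not TWiki's code and not part of the original thread; the `ip|user` line format, the function names and the sample addresses and user names are assumptions.

```python
# Simplified model of IP-based session tracking (not TWiki's implementation).
# Assumption: the mapping file holds one "ip|user" entry per line.
GUEST = "TWikiGuest"

def parse_map(text):
    """Parse 'ip|user' lines into a dict, skipping blank or malformed lines."""
    mapping = {}
    for line in text.splitlines():
        ip, sep, user = line.strip().partition("|")
        if sep and ip and user:
            mapping[ip] = user
    return mapping

def resolve(mapping, ip, remote_user=None):
    """Return the user a request is attributed to.

    An authenticated request (remote_user set) refreshes the entry for its IP;
    an unauthenticated one inherits whoever was last recorded for that IP.
    """
    if remote_user:
        mapping[ip] = remote_user
        return remote_user
    return mapping.get(ip, GUEST)

def register(mapping, ip, new_user):
    """Registration records the new user against the registrant's IP."""
    mapping[ip] = new_user

def clear_user(mapping, user):
    """Mitigation from the answer: drop every entry recorded for `user`."""
    return {ip: u for ip, u in mapping.items() if u != user}

def demo():
    # Constructed sample data: documentation-range IPs, hypothetical names.
    m = parse_map("192.0.2.10|AdminUser\n192.0.2.20|SysAdmin\n")
    admin_ip = "192.0.2.10"
    before = resolve(m, admin_ip)             # admin browsing, no login sent
    register(m, admin_ip, "NewColleague")     # admin registers a colleague
    after = resolve(m, admin_ip)              # same browser, now misattributed
    reauth = resolve(dict(m), admin_ip, "AdminUser")  # re-authenticating fixes it
    cleared = resolve(clear_user(m, "NewColleague"), admin_ip)
    return before, after, reauth, cleared

if __name__ == "__main__":
    print(demo())
```

The model also shows why a source address is a weak identity signal: any request from the same address inherits the last recorded user until an authenticated request replaces the entry.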
Unless TWiki comes out of the box with htaccess enabled, we didn't have it enabled. We initially had trouble with just anyone coming into the site and viewing, so the SA set allowview for the main web to be TWikiGuest. (I'm going on what the SA told me he did, I wasn't witness.) But the problem yesterday morning was just that - based on what the SA had done to make the web viewable to all (configured TWikiGuest to view at the topmost level) and that he'd never enabled htaccess auth, it was odd that other users couldn't see the site. Perhaps someone else broke something, I do not know. But a reinstall seems to have fixed whatever the problem was.
However, it is curious that even if we do have htaccess enabled, it is seemingly impossible for a user to set a password. A user can register but doesn't get an opportunity to set a password... I recall on an earlier version of TWiki (that we successfully used for over 18 months for multiple projects, including requirements gathering/mgmt) that users did provide one on initial registration - however, I didn't have any hand in setting that up or admin'ing....
--
AlexxStehman - 25 Jan 2005
TWiki ships with two registration pages, one or the other should be used. See TWikiUserAuthentication docs.
You can add passwords for existing users after the fact:
- Add each user to .htaccess with a fake encrypted password such as:
    JohnSmith:1234567890123
    HomerSimpson:1234567890123
- ResetPassword for each user
- InstallPassword for each user
--
PeterThoeny - 26 Jan 2005